What security measures should be taken to protect sensitive information, such as database passwords, in PHP scripts?
Sensitive information, such as database passwords, should never be hard-coded directly into PHP scripts as it poses a security risk. Instead, these sensitive details should be stored in a separate configuration file outside of the web root directory and accessed securely using PHP constants or environment variables.
<?php
// config.php
define('DB_HOST', 'localhost');
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_NAME', 'database');
// database.php
require_once('config.php');
$connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
Related Questions
- What is the recommended format for storing dates in a MySQL database for future date comparisons in PHP?
- What are the best practices for implementing a permission system in PHP to control user access to different pages?
- What is the best practice for creating a function in PHP that increments a variable by 1 with each call or submission?